1. Field of the Invention
The present invention relates generally to computers and data processing applications and, more particularly, to system and methodology providing a secure workspace environment.
2. Description of the Background Art
Growth of Internet-based remote access technologies has lead to an increasing number of users working in unprotected or untrusted environments. Home users connect to their corporate networks via different VPN clients. People on vacations check their emails via public kiosks. Sales agents connect to their databases via wireless services in airports. Large networks now are not just broadband lines that connect offices in several states or countries, they are far more complicated and far less controlled at the end-points (e.g., at individual personal computers). As the number of mobile users grows, the number of potential threats also grows. Potential threads include, but are not limited to, phishing attacks, identity theft, trade secrets theft, and the like.
A network of the typical large organization can be protected with various tools. For example, a firewall is installed to protect a company's gateway. Anti-virus software is installed on the company's mail server to scan incoming and outgoing email. Anti-virus software can be also installed on individual end user computers. For remote users, SSL VPN or IPSEC VPN is available to connect to the company's network from remote sites. For managing these environments, IT departments typically develop and deploy a set of security rules (security policy) to endpoints. Notwithstanding the availability of these foregoing tools, corporate IT departments still face a complex problem: how to ensure confidentiality of the sessions when users connect to their corporate networks from untrusted end-points, end-points that cannot be controlled by IT departments.
Consider VPN, for instance. Existing VPN solutions provide a mechanism to encrypt the traffic between a given end-point and corporate gateway. However, these schemes can be easily broken on the end-point, thus providing the attacker with access to the end-point computer before, during, or after the session. For example, the attacker can install keyboard monitoring (keylogger) software and monitor all user activities. The attacker is then able to spoof the user's credentials (user name and password). Also, the attacker may analyze the cache of the user's web browser, and thus retrieve information about what sites were visited by the user and reveal all other session information. The attacker may also analyze the files that remain after the session is complete. For example, the attacker may analyze files used by the user's computer operating system (e.g., Microsoft Windows), including analyzing the user's profile present in temporary folders. Similarly, the attacker may analyze files used by various applications, such as Microsoft Word, Microsoft Excel, and Adobe Acrobat—files that were left by the user after the session completed. All told, the basic problem that remains today is how to create a secure environment within untrusted end-points, such as web kiosks or home computers.
There have been some attempts to try to address this problem. For convenience, they can be divided into several categories from an architectural and technological point of view: (1) Policy enforcement; (2) Virtual operating system (OS); and (3) Secure environment within existing OS. Each will be examined in greater detail.
Policy Enforcement
Before the secure session between the end-point and company gateway is established, a small application, let us call it the “Enforcement Agent” (EA), is downloaded to the end-point computer. The EA can be implemented as an Active X component that can be launched by the Internet Explorer browser, or it can be a java application, or even a tiny executable (e.g., downloaded to the user's computer). In operation, the EA checks the endpoint computer for compliance with a policy. A typical policy can be, for example, include requirements that the end-point (requesting a session) must have Windows XP or newer Microsoft Operating system installed, must have ZoneAlarm® firewall installed, must have antivirus installed (e.g., McAfee or Norton), and must have no known malware installed. If the end-point does not comply with these policy requirements, the EA reports to the gateway that the given end-point is not compliant and the user will not be able to login to the company's network. In such a case, the user must install the requisite software or find another computer that meets the policy requirements.
Virtual OS
A virtual OS (operating system) solution attempts to create a virtual, more-secure operating system inside an untrusted operating system on the end-point. A typical solution would be to create a portable USB device with preinstalled and preconfigured Linux OS. Linux is booted from the USB device and all session data and temporary files are saved to the USB device. The preconfigured Linux USB device has all necessary software installed: VPN client, email client, spreadsheet application and word processor, for example.
Secure Environment
The goal of this solution is to create a secure environment using the underlying operating system or an application. For example, an Internet Explorer browser plug-in (so-called “BHO”) could conceivably be developed that is able to encrypt all Internet Explorer session data, including cookie, cache, and temporary files. In this case, when the user accesses web sites or web applications from such protected browser, all session data is encrypted and not accessible to the attacker.
Each attempt described above provides a real world solution that poses serious barriers for the attacker, and thus there are many commercial products that utilize these concepts. However, each of the attempts, while it provides a serious barrier for the attacker, either can be bypassed or has serious drawbacks. For example, although policy enforcement is a must-have solution for every end-point, it is not sustainable to targeted attacks. An attacker can take popular keylogger software and modify it so that popular antivirus or antispyware products will not be able to detect it. Another significant drawback of policy enforcement is that it does not delete temporary session data that can be analyzed by the attacker afterwards.
The virtual OS solution is inconvenient at best, as it does not give the user a chance to work with the applications that he or she normally works with: Internet Explorer, Microsoft Word, Excel, or Adobe Acrobat. As a result, the solution incurs a significant learning curve for the user and an increased amount of troubleshooting and support for IT departments. Furthermore, the physical requirements of the approach are problematic. Not all kiosks will allow access to plug-in USB devices or boot from them.
Currently, all existing prior art solutions for providing a secure environment either can be easily bypassed or are oriented to provide only limited protection (e.g., of certain application, such as a plug-in for Internet Explorer). Accordingly, a better solution is sought.